[UPDATE] German government calls security within Windows 8 "unacceptable" – continues switching their machines over to Linux

Do you trust Microsoft’s latest operating system, Windows 8? If you are the Federal Republic of Germany, the answer to that question is "no". Last week internal documents from IT professionals within the government showed a strong rejection of the new operating system calling it "unacceptable for the federal administration and the operators of critical infrastructure".

The German government feels that technology within the latest operating system creates a dangerous backdoor that could allow access to confidential information. With the United States' National Security Agency in the not so positive spotlight recently, concerns about keeping confidential data secure are at an all-time high.

The new trust issue is ironically due to the latest version of Trusted Computing, a technology developed to enforce behavior on a PC. The operating system works with a Trusted Platform Module (TPM) chip to coordinate and regulate what software can be run on a PC and how secure data is managed. The idea behind the Trusted Computing platform is to prevent malicious software and code from running on your machine.

The latest edition of the TPM chip, shipping in new PCs with Windows 8, will come already activated when you receive the machine. In addition, while you can "disable" the TPM chip, there is no way to completely shut it off and ensure that it won't re-enable itself.

While this all might sound fine and dandy to the average user, the new Trusted Computing platform could possibly serve as a backdoor into the system when updates are pushed. The new TPM chip also takes control away from the user, without a firm way to opt in to or opt out of the technology.
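One defender-side check that follows from the point above (an added example, not code from the article): a PowerShell script that snapshots the TPM, Secure Boot and BitLocker state of a machine and warns when it differs from the previous run, so an administrator can see whether a TPM that was switched off has come back on rather than assume it. It assumes an elevated prompt on Windows 8 or later, and `$SnapshotPath` is a constructed location.

```powershell
# Added example: audit TPM / Secure Boot / BitLocker state and diff it against the last run.
# Assumes an elevated prompt on Windows 8+ (TrustedPlatformModule and BitLocker modules present).
$SnapshotPath = Join-Path $env:ProgramData 'TpmAudit\last-state.json'   # constructed path

function Get-TpmStateSnapshot {
    # Win32_Tpm carries the spec version (1.2 vs 2.0) and the enabled/activated flags;
    # Get-Tpm adds readiness and whether Windows auto-provisions the chip itself.
    $wmi = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $tpm = Get-Tpm -ErrorAction SilentlyContinue
    try { $secureBoot = Confirm-SecureBootUEFI } catch { $secureBoot = $null }   # $null: legacy BIOS
    $os  = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Timestamp        = (Get-Date).ToString('o')
        TpmPresent       = [bool]$tpm.TpmPresent
        TpmReady         = [bool]$tpm.TpmReady
        SpecVersion      = if ($wmi) { $wmi.SpecVersion } else { 'n/a' }
        IsEnabled        = if ($wmi) { $wmi.IsEnabled_InitialValue } else { $false }
        IsActivated      = if ($wmi) { $wmi.IsActivated_InitialValue } else { $false }
        AutoProvisioning = "$($tpm.AutoProvisioning)"
        SecureBoot       = $secureBoot
        OsDriveProtected = ($os.ProtectionStatus -eq 'On')
        KeyProtectors    = @($os.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() }) -join ','
    }
}

function Compare-TpmStateSnapshot {
    param([Parameter(Mandatory)]$Previous, [Parameter(Mandatory)]$Current)
    # Emit one record per security-relevant field whose value changed since the last run.
    $fields = 'TpmPresent','TpmReady','SpecVersion','IsEnabled','IsActivated',
              'AutoProvisioning','SecureBoot','OsDriveProtected','KeyProtectors'
    foreach ($f in $fields) {
        if ("$($Previous.$f)" -ne "$($Current.$f)") {
            [pscustomobject]@{ Field = $f; Previous = $Previous.$f; Current = $Current.$f }
        }
    }
}

$current = Get-TpmStateSnapshot
if (Test-Path $SnapshotPath) {
    $previous = Get-Content $SnapshotPath -Raw | ConvertFrom-Json
    $changes  = @(Compare-TpmStateSnapshot -Previous $previous -Current $current)
    if ($changes.Count -gt 0) { Write-Warning "State changed since $($previous.Timestamp):"; $changes | Format-Table -AutoSize }
    else { Write-Host "No change since $($previous.Timestamp)" }
}
New-Item -ItemType Directory -Path (Split-Path $SnapshotPath) -Force | Out-Null
$current | ConvertTo-Json | Set-Content $SnapshotPath   # becomes the baseline for the next run
$current
```

Run it once to record a baseline and then on a schedule (or after each update cycle); any run that prints a warning shows exactly which TPM, boot or disk-encryption setting moved.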

In an official statement, Germany's Federal Office for Information Security (BSI) stated:

"The BSI warns neither the public nor the Federal German company prior to any deployment of Windows 8. The BSI currently provides, however, some critical aspects related to specific scenarios in which Windows 8 is operated in combination with hardware that has a TPM 2.0. For certain groups of users, the use of Windows 8 in combination with a TPM may well mean an increase in safety. This includes users who cannot, or for various reasons do not want to, worry about the security of their systems, but trust that the manufacturer of the system provides and maintains a safe solution."

(Please note the above quote was translated from German into English and therefore may not be completely accurate word for word.)

The biggest problem for Microsoft? The Munich city administration in Germany has already decided it prefers to go without Windows and take a different route for increased security in the future: Linux. The city began a transition to switch all of its machines from Windows to Linux ten years ago, and to government officials today it still doesn't seem to be a bad idea. The entire city administration for Munich expects a completion date sometime in late 2013.

Here in the United States, the government has been using Linux on its backend servers for a long time, but a strong partnership with Hewlett-Packard keeps PCs running Windows XP and Windows 7 front and center.

UPDATE: We are not going as far as to insinuate that the NSA or other government agencies would actually use a TPM chip to gain access to a secure machine. In addition, there have been a few reports stating that the German government may or may not have made certain statements. Either way, our focus is to discuss the current possible security faults in the second generation of the Trusted Platform hardware and Microsoft's Windows 8 operating system.

This was the first time I saw the ZDNet article. So, thank you Robert.
Also, Michael, if you already knew about this story being a conspiracy, why didn't you mention it in the article? Or does only your opinion matter here?

This was not an opinion piece; if you reread the article you will find that I did not insert my own opinions, only reiterated previously announced information. There are a lot of "conspiracies" on the internet and, as you can see, once we were able to find doubt on the topic we updated with a statement. Thanks for reading!

Fact is that BSI said "Windows 8 might be a risk with TPM 2" and that government institutions shouldn't use it.
I know it. One of our customers is a government institution. I know that they did not migrate to Windows 8.

This sounds like nonsense to me. Linux *can* be more secure, of course, but Linux suffers as many security exploits as Windows. In fact, if I recall, it's about 4 times as many as Windows 8.
Anyway, hacks these days are from social engineering, and I bet the users in Germany on Linux are as dense as those on Windows :)

That's very accurate. As Linux is a UNIX-type operating system, it has been inherently more secure than the earlier versions of Windows. Today, of course, Microsoft has managed to catch up. The "social engineering" attack is also much harder to pull off, as it is highly unusual for a Linux user to have to download anything from the web and then run it. Moreover, compiling a program is an insanely hard thing to do! Instead, installing programs is done via repositories, which are very similar to the various app stores you see now popping up on various platforms.

Linux is open source, Windows is closed source, and Microsoft has been proven to work with the NSA and has been caught multiple times lying about it.

And here's what I said:

Oh really? Been caught several times eh? I'd love to see some proof, but you probably won't reply.

So take a minute to actually read my response to what you actually said before calling people ignorant. I asked for specific proof of where MS was caught lying, several times no less. And even if we were discussing what you posted about, the order in which companies got signed up makes no difference; they are all signed up (what do you suggest they do, say FU to the government?). Also, MS has always stated in the past that they will provide very specific info (not blanket and direct access) when a government agency demands it (especially when they must legally comply). I'm still waiting for the part where they were caught lying.

Just another MS hater and Linux lover who somehow got a top job and strong-armed people into "saving money using Linux", not thinking how difficult it will be for users to switch.
"So just open that Excel file the French administration sent over, Henrich"
"Errr nein possible"

Probably because any attempt by a government agency to create their own OS will last ten years, go millions over budget, will be obsolete when finished, and won't be able to do the things that were promised. That's what happened when the IRS not too long ago tried to modernize their networks.

Yeah sure, a government COULD just randomly build their own OS. But with no experience, no basis and no idea, it's probably not gonna be as good as Windows or Linux. They could always copy Windows or Linux, and then, as they are a government, they are immune to copyright if they want to be.

Wouldn't go down well with the EU or the USA, but hey, better than buying something for a billion cheaper than you can make it yourself, yeah?

Yes they should, especially with the US government spying on foreign countries, even those who are supposed to be their allies.
That said, Microsoft should think seriously about addressing the concerns of the German government... 'cause if Germany switches to Linux, you can bet other European countries will follow...

I agree, it is a trend. In France, some ministries have already switched to Linux and the prime minister has written a letter saying that it was better to use open source software in administrations. Of course, users often prefer Windows, so it is still chosen in administrations, but European countries are starting to worry about their online security and possible backdoors to foreign countries.

Munich switching to Linux is really unrelated to recent privacy concerns. They just want to save millions of Euros by not paying for Windows and not paying for Office. So they are going Linux + OpenOffice.

Yeah, this whole TPM thing is a joke. In Australia, I don't know a government agency or financial institute that doesn't use BitLocker these days. If you don't have a TPM chip you can use a USB stick to store the cipher. All it has is a random number generator and memory for cipher/key storage. Plus Linux supports TPM for encryption too. Next we will hear how PKI certificates are bad and IT departments should remove their certificate authorities...

How do you think encryption is done in mobile phones even... wow... just wow... are they confusing TPM v1.2 with Intel's vPro???

Linux has many more security issues than Windows, and the user experience is substandard. There is a reason Windows still controls the desktop... more applications exist, it is cheaper to develop for and has better security.

A TPM module doesn't make your system less secure:

a) You can turn off Bitlocker
b) You can still use something like TrueCrypt

For most users, a TPM module will make your laptop more secure from random strangers walking off with your data, and so is a good thing.

Microsoft is spying a little, but Google is spying more. TPM is better than some open-source OS without any security guaranteed. If something is free, it has to cost in some other way, and espionage by the author is one of the possibilities.

The main issue is that Windows is a proprietary solution made in the US. If you can't access the source code, you can't be sure that there isn't any backdoor for the NSA, for instance; it has nothing to do with breaches in Linux or Windows. They are not talking about you guys using your computer, they are talking about secret services and critical infrastructures. It is more secure to master your software than to trust a foreign company, possibly giving access to governmental services. And that's the only way to ensure no backdoors, actually.

Yeah, but good luck with interoperability with what most of the rest of the world is using, namely Office. Open-source Office alternatives can claim compatibility all they want, but the fact is that compatibility never has been and never will be 100% with Office.

I think national security is probably more of a concern than badly presented text or spreadsheet documents... MS Office reads odt, ods and some other open source formats. And I'm pretty sure that most documents are for internal use, so no compatibility issues in this case. So I definitely don't think that it is a bigger concern than national security!

That is beyond the point of being overly simplified. Other than formatting support (which none of the Office alternatives do well), there is the matter of custom line-of-business macros, VBScript and third-party plug-ins for Office. Unless you've actually worked with Office file compatibility, you simply couldn't know how unbelievably time consuming and complex it can be, and that is moving from one version of Office to another, much less moving to OpenOffice. Don't even get me started on all the Java dependencies. Even Oracle uses MS Office, if that tells you anything.

A long time ago in one of the forum conversations I stated that Unix and its derivatives, especially Linux, were used mostly as servers (backends), and people argued with me that Windows was mostly used on servers. So there you have it: backends are running mostly Unix and derivatives (Linux, Fedora, Red Hat, etc.)

If you're saying that most servers in IT organizations run Linux or a derivative, my experience would suggest otherwise. A Linux-heavy shop may have as much as 10% Linux with the occasional Sun Solaris box mixed in for good measure. On average, I would say that they are no more than 5%. Windows Server dominates the data center for every one that I've pulled data from, with the vast majority of those running SQL, IIS and file services.

As for the topic at hand, if you are unable to trust TPM 2.0, you may as well say the same for all the US-managed Trusted Root Certification Authorities. If TPM is a back door, Trusted Root CAs are the front door with the keys dangling in the lock. EVERYONE depends upon them to qualify trusted vs untrusted or unsigned code across numerous platforms. They are also the BASIS for whether an SSL site can be trusted and so forth. This sounds more like fear mongering on the part of the German authority in question with a little bit of buyer's remorse mixed in. They have been moving to open source for a long time now. It's clear that they really want to keep driving that regardless of whether the analysis is biased or not.

Regardless of which is more or less secure, the fact remains that Linux will be more difficult and time consuming to manage and it will probably cost two times more than the equivalent Windows environment simply because of all the custom development. The end user experience will be sub par as well. That isn't a knock against Linux. It's just the nature of the beast. Microsoft has a keen understanding of what works for the enterprise. Frankly, it's not fair to compare Linux to Windows when it comes to sustainability, management and return on investment. They are in a different class altogether. As for security, this seems to have a lot more to do with whether you can trust third-party security authorities.
If that's the case, you might as well abandon all web services (because of the Root CAs) and TCP/IP could be an attack vector as well. Just imagine all the snooping they could do with IPv6 and the Internet of Everything! Taken to the extreme, you could just as easily accomplish the same using any platform with a dark net. That just wouldn't be very useful in this day and age.

Well, first, we are not discussing personal average security on any given OS here, but government-level secrets that require protecting. Hence, the people in charge tend to be extremely suspicious of any POSSIBLE vulnerability. They did not say that Windows 8 is unsafe. The statement was that they do not like the limited user control (opt-in or opt-out) and they fear hackers piggy-backing on updates when they are pushed by the OS provider to the end user, since this is a POSSIBLE backdoor.
Since I have no big culture on technology I don't want to lecture anyone, but I guess the more secrets you have to keep, and every government does, the more paranoid you will be. And then it's only right that they choose the system they feel safest with. Whether this corresponds to the facts is another point entirely. But for sure the government has its own experts and advisors. I do not believe they are all talking bullshit simply because they mistrust Microsoft or Windows 8.
Last point: changing an operating system for a company or even a government is a huge work process and very cost intensive. That will have an impact on their decision as well.